Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/__HXJSPT16LkNfyFXQ4FYxuLc0Y.roa
File: __HXJSPT16LkNfyFXQ4FYxuLc0Y.roa (raw, json)
Hash identifier: pdo1KZ7/GkKNM1r+o7BTWrfFP98IxPd/xpz1A1KXJ30=
Subject key identifier: FF:F1:D7:25:23:D3:D7:A2:E4:35:FC:85:5D:0E:05:63:1B:8B:73:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 476E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/__HXJSPT16LkNfyFXQ4FYxuLc0Y.roa
Signing time: Tue 23 Apr 2024 19:53:13 +0000
ROA not before: Tue 23 Apr 2024 19:53:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18286 (0x476e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 23 19:53:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FFF1D72523D3D7A2E435FC855D0E05631B8B7346
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b1:ff:6c:07:01:2b:5e:ed:bf:d8:a7:4b:81:
f7:5c:69:3c:5c:bd:e6:02:16:60:f2:56:67:6a:00:
2d:4c:0f:8f:74:c4:c6:8c:71:99:c0:0f:b6:75:92:
95:4c:42:b8:d0:a2:60:b9:a7:c7:aa:2e:ca:10:0a:
be:b1:f3:c8:6a:ef:bb:31:a2:e4:f6:06:5b:57:61:
82:0e:6c:77:37:b8:99:c8:60:49:72:bd:cb:07:59:
a0:ac:74:b8:a8:13:bb:ec:a1:0e:b2:8b:62:f7:35:
a1:e6:a2:1b:75:db:d5:b2:79:ee:c3:8c:e2:0c:e2:
ab:c8:a3:d1:69:3f:00:1f:29:7b:da:65:8d:be:6b:
93:3b:f7:1c:67:62:ec:6b:57:b0:93:53:bd:fa:15:
30:10:bc:01:f7:0e:9e:25:ba:31:3f:4f:a8:2a:ce:
53:35:99:9a:cf:a0:42:e9:6a:91:6e:29:3b:8b:6a:
8e:bf:dc:9b:93:c9:e8:f2:db:95:31:35:26:d3:0f:
c4:07:a6:6e:b1:d7:a4:21:3f:79:38:7d:37:05:49:
a0:6b:55:c2:19:7e:2d:04:7f:fb:b5:ef:ed:31:00:
b3:1a:ce:7b:32:4e:67:a8:81:ab:0a:4a:1a:27:ff:
70:e7:63:e5:20:e1:ca:bf:3b:95:92:90:5f:a8:9b:
4a:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:F1:D7:25:23:D3:D7:A2:E4:35:FC:85:5D:0E:05:63:1B:8B:73:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/__HXJSPT16LkNfyFXQ4FYxuLc0Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
14:d6:17:6f:82:14:7c:3c:76:15:e9:60:42:22:97:00:b4:20:
89:df:82:24:62:6f:a5:d0:80:f9:60:f1:f3:dd:2a:46:f4:7f:
0d:8a:2c:41:92:a0:50:53:f1:dd:b6:1c:2a:f8:81:e4:50:eb:
44:66:05:79:9f:f9:10:2d:7f:64:a3:59:f5:99:f3:31:1e:8d:
b3:4d:e4:9f:dd:92:7e:cb:bb:42:61:ea:84:ce:ef:9b:a0:24:
af:43:cd:4b:3e:cf:a1:ce:e6:7a:69:72:2e:03:b5:f5:cf:16:
93:6f:4c:ac:d2:00:69:ae:e2:dc:14:68:42:93:4b:43:09:de:
3f:9d:80:0e:1e:d8:b8:47:db:76:e6:a5:22:26:e4:16:70:a8:
57:0d:38:77:5e:7c:21:5a:15:0a:fd:20:79:27:71:94:5a:5a:
1f:aa:91:e1:4e:84:8e:a2:5a:c2:77:7a:31:4a:a2:8c:dd:bd:
96:83:5d:e0:d0:21:4d:24:af:d1:c5:8e:3e:52:1e:2d:e9:0f:
dd:77:4e:13:9e:60:4d:10:f7:ff:58:5d:d7:ba:db:25:ed:bc:
98:78:71:7f:44:69:be:cd:8f:20:ec:fc:07:13:5f:4f:d4:66:
7b:c1:af:f4:a5:d0:a9:7b:9a:9b:b3:7c:05:a7:0c:f3:51:6b:
5f:f1:27:4b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICR24wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjMx
OTUzMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZGRjFENzI1MjNEM0Q3
QTJFNDM1RkM4NTVEMEUwNTYzMUI4QjczNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrsf9sBwErXu2/2KdLgfdcaTxcveYCFmDyVmdqAC1MD490xMaM
cZnAD7Z1kpVMQrjQomC5p8eqLsoQCr6x88hq77sxouT2BltXYYIObHc3uJnIYEly
vcsHWaCsdLioE7vsoQ6yi2L3NaHmoht129Wyee7DjOIM4qvIo9FpPwAfKXvaZY2+
a5M79xxnYuxrV7CTU736FTAQvAH3Dp4lujE/T6gqzlM1mZrPoELpapFuKTuLao6/
3JuTyejy25UxNSbTD8QHpm6x16QhP3k4fTcFSaBrVcIZfi0Ef/u17+0xALMaznsy
TmeogasKShon/3DnY+Ug4cq/O5WSkF+om0q3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU//HXJSPT16LkNfyFXQ4FYxuLc0YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19fSFhKU1BUMTZMa05m
eUZYUTRGWXh1TGMwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAFNYXb4IUfDx2FelgQiKXALQgid+CJGJv
pdCA+WDx890qRvR/DYosQZKgUFPx3bYcKviB5FDrRGYFeZ/5EC1/ZKNZ9ZnzMR6N
s03kn92Sfsu7QmHqhM7vm6Akr0PNSz7Poc7memlyLgO19c8Wk29MrNIAaa7i3BRo
QpNLQwneP52ADh7YuEfbdualIibkFnCoVw04d158IVoVCv0geSdxlFpaH6qR4U6E
jqJawnd6MUqijN29loNd4NAhTSSv0cWOPlIeLekP3XdOE55gTRD3/1hd17rbJe28
mHhxf0Rpvs2PIOz8BxNfT9Rme8Gv9KXQqXuam7N8BacM81FrX/EnSw==
-----END CERTIFICATE-----
Generated at Sun Jun 22 09:00:37 2025 by rpki-client